Peer-to-Peer (P2P) digital payment services, like Zelle, are making national news for the new fraud technique being used on their sites. Like similar scams, fraudsters use a new and evolved form of social engineering to trick users into giving them the information they need to steal their money.
How the scam works:
- The scammer will reach out to the victim by text alert asking if they have made a large purchase on a digital payment app. These text will appear to be from a trusted credit union or bank.
- To those who reply “no” to the text, will soon receive a call from what seems to be their financial institution’s fraud department. The fraudsters will use a method called spoofing, to make it seem like the caller ID is in fact coming from the CU or bank.
- The victim will then receive instructions on how they can retrieve the ‘stolen’ funds themselves. This includes disabling this mobile number from the app, transferring money to themselves, and giving the scammer their Two-Factor Authentication (2FA) passcode.
- Digital payments sent by the victim end up going to the scammer’s account.
How to Avoid the Scam:
- Know your digital payment app policies. Many of them will decline refunds since transactions done by you are viewed as authorized. This is even true when you accidently pay someone else.
- Contact your credit union or bank. It’s never a bad thing to double check! Call the number found on the website and ask to be routed to the fraud department from there to verify the caller is in fact from the financial institution.
- Calm your sense of urgency. When you find out you could potently lose money, it’s natural to try to be as time effective as possible. Verify everything, ask yourself “does this process make sense”, and take a moment to think about what is happening.
- Never give out your 2FA passcode. You can read our newsletter article on 2FA scams to learn more about how this is never a good idea in any situation.